Using a VPN as a Shield Against Hackers

When you arrive at your favorite restaurant or coffee shop, pull out your laptop or mobile device and connect to a local Wi-Fi spot, you just MAY find yourself staring across the room at a creepy, ogre-shaped man – deep scar below his right eyelid – cackling menacingly, as he reads his computer’s display with all the information he’s actively stealing from other people connected to that network.

But . . . that’s quite unlikely. If only the threat was that easy to see! Unfortunately, in most situations, when your privacy and security are threatened via public networks, it won’t be nearly as obvious. Usually, the threat is concealed and crafty, and involves another individual using the same public Wi-Fi connection with packet capture (PCAP) programs or “sniffing software” to gather data about other user’s sessions. In some cases, hackers will actually set up a fake network with a very similar name to a legitimate connection, and attempt to lure unsuspecting people into the wolves’ den.

Woah! Sounds like Public Wi-Fi is a dangerous mess!

Actually, it’s not quite as sinister as it may sound. The good news is that popular online services, such as banking and social media, require encryption anytime sensitive information is transmitted. So, in the majority of situations, hackers trying to capture packets involving your bank accounts and passwords are only receiving high-strength encrypted strings of data and won’t be able to login and steal your savings on the spot. However, they will be able to capture a list of sites you are visiting and services you are using. At the very least, you have to assume that any privacy associated with your trail of internet activities is lost when using public Wi-Fi.

Following basic safety protocols when searching for public networks will significantly minimize the likelihood of hackers getting a hold of your personal information. For example, you may not want to risk connecting to a public network unless it has Wi-Fi Protected Access II (WPA2). That said, depending on how you plan to use the connection, you may not want to take any risks at all. If you want to ensure that you retain full privacy and all your information remains secure when using another network, there is a relatively simple solution – use a Virtual Private Network!

What is a VPN and what will it do for me?

A VPN is essentially added protection against a hacker intercepting your private information and activities, then using it against you. There are several types of VPN available – the most popular being OpenVPN and Cisco’s AnyConnect, to name a couple – but at the basic conceptual level, all VPNs are encrypted tunnels (connections between your computer and another host server, commonly referred to as a “VPN server”) which ensure that any traffic that passes between you and the VPN server is shielded from prying eyes, then directed to the intended destinations.
In other words, let’s say you are currently in Detroit, connected to a restaurant’s public Wi-Fi, using a VPN on your laptop and trying to log in to Facebook. Your request may first go to another VPN server located in Atlanta, which is associated with a different IP address. The request would then be sent to Facebook with encrypted credentials, and Facebook would return the page results back to the VPN server (and then back to your computer).

Hackers would be able to determine some information about your session, but it’s essentially useless for anyone with malicious intentions or even anyone trying to snoop into your personal business. Essentially, all they can see is that you’re using a VPN. They can obtain the IP address of the VPN server on the other end of the encrypted tunnel. That’s it! Hackers and snoopers will have no way of tracking any of your internet activities. Anything you do will remain private and secure.

What’s so great about VPN “tunnels”? They often use strong encryption ciphers such as AES-256. In theory, many of these modern ciphers are considered unbreakable, at least in terms of even the most elite hackers’ ability to decrypt and exploit the data in a reasonable timeframe using the computing power available today. In fact, the U.S. and Canadian governments rely on the defense of AES-256 for information requiring the highest clearance to obtain. So, when you use a VPN with a strong encryption cipher, think of it as forming a 20-foot, reinforced concrete wall around yourself, and the only weapons your enemies (hackers) have at their disposal are knives and small blades. They’re not getting through… unless they possess some kind of magic, or they’ve gone 20 years into the future and brought back an entire computing cluster for the sole purpose of defeating high-powered ciphers.

How do I find a VPN provider?

Demand for VPNs is on the rise, and fortunately, you have an abundance of reasonably priced VPN service providers in the market today. Keep in mind, scouting out “cheaper” providers isn’t necessarily the path you’ll want to take. In most cases, you will want to find a VPN service with high levels of encryption (256-bit or more), multiple VPN servers in various locations, and an acknowledgement that they don’t keep logs of their client’s activity (thus ensuring full anonymity).

Location of the VPN servers can be an especially important factor if your online activities involve large data transfers. The encryption process between VPN servers and the end source takes a little extra time, but it should not result in significant or notable delays. However, if you’re constantly downloading large quantities of data and your VPN provider’s nearest server is 3,000+ miles away from your location – or on a different continent – you may start running into problems with eroded performance.

As standard with any service, there’s also something to be said for the reputation of the VPN provider. Less reputable VPN providers fail to properly balance the amount of client connections during peak times. Using an overloaded VPN server can result in noticeably slower performance, and make the entire experience rather frustrating. If you start reading online reviews and opinions about a specific VPN provider, and find “slowness” is a recurring complaint, you’ll probably want to seek out an alternative.

Okay . . . Is a VPN really necessary?

Next time you visit your local Starbucks to use their Wi-Fi, do you desperately need a VPN to avoid being hacked? No, and such implications would be overly dramatic. As previously mentioned, the most sensitive data that typical internet users would enter is already encrypted by the platforms themselves. If you choose your networks carefully and abide by standard security precautions, your personal information will probably remain safe – even if you’re at McDonalds or Panera, paying a credit card bill online without a VPN.

That being said, every-day consumers should also be cognizant of the rising rate of cybercrimes and identity theft. The Bureau of Justice issued a press release in September of 2015, claiming that 17.6 million U.S. residents had experienced identity theft in some form during the year 2014. That means about 5.5% of the U.S. population (or 7% of those 16 or older) fell victim to identity theft, which is an increase from the 4-5% average consensus of the U.S. population in 2008. Simply put, more complicated encryption may be available, but hackers and cybercriminals appear to be gradually growing wiser and finding more opportunities.

So what’s the bottom line?

Just remember that when you use another establishment’s Wi-Fi, there’s always a slight amount of risk – even if incredibly miniscule – that a hacker could retrieve personal information if you are not using a VPN. Take into consideration that you also may not want the random fellow sitting directly in front you to be rummaging through your online activities, fully aware of every site and action you take. If you wish to remove those security risks and fully protect your privacy, you should start using a VPN service whenever you connect to another network.